AJAX-Tips
Recently IBM announced the launch of its new security scanning software, IBM Rational AppScan. The product is the result of IBM’s acquisition of Watchfire, a web security company, in July 2007. IBM Rational AppScan will become part of the IBM suite of services offered to its existing and upcoming clients. With this product, IBM hopes to get closer to its competitors in software and application development. IBM Rational AppScan is in its maiden version, just out of beta testing, and is now available for consumer and business use.

This software is IBM’s answer to the growing need for security scanning software that can handle complicated coding and mash-ups. Although most security scanning software offers this type of service, the latest releases of these scanners came before the hype around mash-ups. The result is lackluster scanning that can only examine a single application rather than the process as a whole. IBM Rational AppScan will hopefully fill that void. With so many websites using mash-ups, everyone is susceptible to attack if prevention is not properly implemented. The timely release of IBM Rational AppScan could become a point of reference for other developers of website security software.

One of the coding practices that IBM Rational AppScan hopes to secure is Ajax. The use of Ajax in websites is growing rapidly, but it can cause serious problems, since security is one thing that Ajax-based programs often miss. Some security systems scan each process within Ajax separately, namely the JavaScript, XML and HTML, but they are not examined as a whole, which often leaves a virtually open back door for hackers. Each part works well on its own, but together they create a weave of processes that is not secure enough for some websites. That is why one of the main features of IBM Rational AppScan is that it looks at multi-step processes: instead of looking at each program on its own, the whole process is considered.

IBM Rational AppScan was also created to address a problem common to most Web 2.0 websites. Hackers can easily infiltrate Web 2.0 sites because they rely on user-generated content. Everyone can log in and upload content, and they could easily attach viruses and spyware to it. Eventually this could infiltrate other users’ computers or, worse, infect the website’s server, bringing the site to a halt.

Some companies that use IBM have already expressed their optimism about the launch of this software. John Meakin, the head of information security at Standard Chartered Bank, had this to say: “With IBM Rational AppScan, Standard Chartered Bank is educating its developers and IT staff on the importance of web application security incorporated throughout the development lifecycle. IBM Rational AppScan lets us establish best practice in our coding and testing processes, thereby ensuring the security and compliance of our web applications. This is reducing costs, enhancing the security of our products, and improving our security testing productivity.” The general manager of the software, Dr. Danny Sabbah, expressed the same optimism: “Traditionally, Web application security testing has been owned by security experts, but that is not enough to stay in synch with the requirements of processes within companies today. The addition of IBM Rational AppScan will help users save time and money by incorporating web application testing much earlier in the software lifecycle process.”